Acceptable Use Policy

Purpose

This Acceptable Use Policy ("AUP") describes the activities permitted and prohibited on the TROY platform. It supplements the Terms of Service. By using TROY you agree to comply with this AUP.

Permitted activities

• Phishing simulation campaigns sent to personnel of an organization that has provided written authorization for such testing.
• Security awareness training emails sent to personnel of such an organization.
• Operator account communications related to the operation of authorized campaigns.

Prohibited activities

• No unsolicited mail. The Platform must not be used to send unsolicited commercial email or any form of bulk email outside the scope of an authorized simulation.
• No targeting without authorization. No campaign may be sent to personnel of an organization that has not provided written authorization for the test.
• No public-facing addresses. Targets must be specifically named individuals known to belong to the authorizing organization. Catch-all addresses, scraped lists, and purchased lists are prohibited.
• No malware. The Platform must not be used to deliver malware, ransomware, exploit code, or any payload that interferes with the recipient's systems beyond the limited demonstration of a phishing landing page.
• No persistent credential storage. Credentials submitted to a simulation landing page must be discarded within the documented retention window. They may not be exfiltrated, sold, or used to access any system.
• No impersonation of regulators or law enforcement. Campaigns may not impersonate government agencies, courts, regulators, or law-enforcement bodies.
• No targeting of consumers. The Platform is for workforce simulations only. It may not be used to target consumers or members of the public.
• No interference with the Platform. No attempts to bypass rate limits, deliverability controls, tenant isolation, or any other Platform safeguards.

Reporting and enforcement

Suspected violations should be reported to abuse@troy-mail.com. We respond to abuse reports within one business day. Confirmed violations result in immediate suspension of the offending tenant pending investigation, and may result in termination, reporting to relevant authorities, and forfeiture of fees.

Changes

We may update this AUP from time to time. Material changes will be communicated to operators by email at least thirty days before they take effect.

Contact

Questions about this AUP: legal@lancelotech.com. Abuse reports: abuse@troy-mail.com.